10643222

Selecting Anonymous Users Based on User Location History

Published: May 5, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
27 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising: sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein: the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining reduced resolution versions of the time-stamped geolocations in the location history and determining the first set of cryptographic hash values comprises, for a given time-stamped geolocation in the location history: reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with the cryptographic hash function.

Plain English Translation

This invention relates to mobile computing devices and privacy-preserving location tracking for surveys. The problem addressed is how to verify a user's presence within a specific geographic area for a survey without compromising their location privacy. The system involves a mobile computing device that continuously senses its location over multiple days, creating a detailed location history of time-stamped geolocations. This raw location data is then processed to create reduced resolution versions, meaning both the location coordinates and the timestamps are generalized to a lower granularity. For each of these reduced resolution entries, a cryptographic hash value is generated using a cryptographic hash function. This hash is based on the reduced-granularity time and location. These hash values are stored locally on the device. When a remote server sends survey-related location criteria, specifying a geographic area, the mobile device receives this information. Instead of sending its location history, the device uses its stored hash values. It compares these stored hashes with a second set of hashes generated by the server based on the survey criteria. This comparison is done without decrypting any data or revealing the actual location history to the server. The location history is considered to satisfy the criteria if any of the stored hashes match any of the server-generated hashes. This matching process ensures that the user was within the specified geographic area at the relevant times, at the same granularity as the reduced resolution data. If the criteria are met, the device displays an option to the user to answer survey questions. The process of reducing granularity involves generalizing location to a predetermined granularity and time to a predetermined gra

Claim 2

Original Legal Text

2. The memory of claim 1, wherein displaying that the user has an option to answer questions related to the survey comprises inviting the user to provide data relating to criteria other than location to determine whether the user is a candidate for the survey.

Plain English Translation

This invention relates to survey systems that assess user eligibility for participation in surveys based on criteria beyond geographic location. The system presents a survey invitation to a user and determines whether the user qualifies for the survey by evaluating additional criteria, such as demographic information, behavioral data, or other relevant factors. The system collects and processes this data to filter eligible participants, ensuring surveys are directed to users who meet specific requirements. This approach enhances survey accuracy and relevance by refining participant selection beyond location-based targeting. The system may prompt the user to provide additional information, such as age, interests, or past survey responses, to further assess eligibility. By incorporating these criteria, the system improves the efficiency of survey distribution and the quality of collected data. The invention is particularly useful in market research, academic studies, and customer feedback collection, where precise targeting is essential for reliable results. The system dynamically adjusts survey invitations based on real-time data analysis, ensuring only qualified users are engaged, reducing wasted efforts and improving response rates.

Claim 3

Original Legal Text

3. The memory of claim 1, comprising: sending a message to the remote server indicating that the location history satisfies the location criteria.

Plain English Translation

A system and method for managing location-based data involves tracking a user's location history and evaluating it against predefined location criteria. The system includes a mobile device that records the user's location data over time, storing this information in a local memory. The system also includes a remote server that receives and processes location data from the mobile device. When the user's location history meets specific criteria, such as visiting a particular location or following a certain route, the mobile device sends a message to the remote server to indicate this condition. The remote server then performs further actions, such as updating user profiles, triggering notifications, or adjusting services based on the location data. This system is useful for applications like personalized advertising, location-based services, or security monitoring, where real-time or historical location data is critical. The invention ensures efficient communication between the mobile device and the server, reducing unnecessary data transmission while ensuring relevant location events are reported. The system may also include additional features, such as encryption for secure data transfer or user privacy controls to manage how location data is shared.

Claim 4

Original Legal Text

4. The memory of claim 3, the operations comprising: receiving the survey; administering the survey to the user; and sending survey results obtained by administering the survey.

Plain English Translation

This invention relates to a system for managing and administering surveys to users, particularly in a digital or automated context. The system addresses the challenge of efficiently collecting and processing survey data from users, ensuring accurate and timely results. The system includes a memory storing executable instructions for performing operations related to survey management. These operations include receiving a survey, which may involve loading or retrieving a predefined survey from a database or external source. The system then administers the survey to a user, which may involve presenting the survey questions to the user through a user interface, capturing user responses, and validating the input. After administration, the system sends the survey results, which may include compiling the responses, analyzing the data, and transmitting the results to a designated recipient or storage location. The system may also include additional features such as user authentication, survey customization, and result reporting to enhance functionality. The invention aims to streamline the survey process, reduce manual intervention, and improve data accuracy.

Claim 5

Original Legal Text

5. The memory of claim 1, the operations comprising: periodically obtaining locations from a global-positioning system (GPS) device of the mobile computing device; and sending at least part of the location history to the remote server in response to receiving a user election to answer the questions.

Plain English Translation

This invention relates to location tracking and data collection in mobile computing devices, addressing the need for privacy-preserving yet accurate location history sharing. The system involves a mobile computing device equipped with a global-positioning system (GPS) device that periodically records its location data. The device stores this location history locally and provides users with the ability to selectively share portions of it with a remote server. The sharing occurs only when the user explicitly elects to answer questions posed by the server, ensuring that location data is transmitted only with user consent. The remote server receives and processes the shared location history for applications such as personalized services, analytics, or other location-based functionalities. The invention emphasizes user control over data sharing while enabling location-aware applications to function effectively. The system may also include additional features such as data encryption, user interface elements for managing location sharing preferences, and mechanisms to ensure the integrity and accuracy of the transmitted location data. The overall goal is to balance privacy with utility by allowing users to decide when and how their location history is shared.

Claim 6

Original Legal Text

6. The memory of claim 1, comprising: upon ascertaining that the location history satisfies the location criteria, displaying a reward for participating in the survey.

Plain English Translation

This invention relates to a system for incentivizing user participation in surveys by offering rewards based on location history. The system monitors a user's location data over time to determine if it meets predefined location criteria, such as visiting specific geographic areas or spending time in certain locations. When the criteria are satisfied, the system displays a reward, such as a discount, coupon, or points, to encourage the user to complete a survey. The reward is tailored to the user's location history, making it more relevant and motivating. The system may also track survey completion and adjust future rewards based on user engagement. This approach aims to improve survey participation rates by providing immediate, location-based incentives. The invention is particularly useful for market research, customer feedback collection, and location-based advertising, where user engagement is critical. By leveraging location data, the system ensures that rewards are contextually relevant, increasing the likelihood of user participation. The invention may be implemented in mobile applications, loyalty programs, or digital advertising platforms to enhance user interaction and data collection.

Claim 7

Original Legal Text

7. The memory of claim 1, wherein: determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises: obtaining survey criteria expressed as alternative criteria; determining one or more combined time-stamps and locations for each alternative criteria; and determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.

Plain English Translation

This invention relates to privacy-preserving location-based survey systems, specifically addressing the challenge of verifying user participation in surveys while protecting location data privacy. The system determines whether a user's location history meets predefined geographic criteria for a survey without exposing raw location data. The process involves obtaining survey criteria expressed as alternative conditions, each defining a different geographic area or time-based rule. For each alternative criterion, the system generates combined time-stamp and location data points. A cryptographic hash function then computes hash values for these combined data points, ensuring the output matches the reduced resolution of the user's stored location history. This approach allows the system to verify survey eligibility without revealing precise location details, enhancing privacy while maintaining data integrity. The method ensures that the hash values are computed at the same granularity as the stored location data, preventing unauthorized reconstruction of exact locations. The invention is part of a broader system for securely processing location-based surveys, where user location histories are stored in reduced resolution to further protect privacy.

Claim 8

Original Legal Text

8. The memory of claim 7, wherein: the survey criteria include N alternative times and M alternative geolocations, where N and M are integer values greater than one; determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of alternative criteria comprises determining N times M cryptographic hash values corresponding to each combination of the alternative times and alternative geolocations.

Plain English Translation

This invention relates to a system for securely storing and processing survey criteria in a memory device, particularly for applications requiring cryptographic verification of survey data. The problem addressed is the need to efficiently and securely handle multiple alternative survey criteria, such as different times and geolocations, while ensuring data integrity and authenticity. The memory stores survey criteria that include N alternative times and M alternative geolocations, where N and M are integers greater than one. The system generates cryptographic hash values for each combination of these alternatives, resulting in N times M hash values. These hash values are used to verify the integrity and authenticity of the survey data, ensuring that the criteria used in the survey match the expected values. The memory also stores a first set of cryptographic hash values corresponding to the original survey criteria and a second set of cryptographic hash values corresponding to the alternative criteria. The second set is derived by computing a cryptographic hash value for each combination of the alternative times and geolocations. This approach allows for flexible survey criteria while maintaining strong cryptographic security. The system ensures that any deviation from the predefined survey criteria can be detected, preventing tampering or unauthorized modifications. The use of cryptographic hashing provides a robust mechanism for verifying the survey data, making it suitable for applications requiring high security and reliability.

Claim 9

Original Legal Text

9. The memory of claim 1, wherein receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria comprises: obtaining the location criteria via an anonymizing proxy server with a pull request.

Plain English Translation

A system and method for securely obtaining location criteria on a mobile computing device involves receiving location data from a remote server through a wireless interface. The mobile device communicates with the remote server via an anonymizing proxy server, which acts as an intermediary to enhance privacy. The anonymizing proxy server retrieves the location criteria using a pull request, ensuring that the mobile device's identity and direct connection to the remote server remain obscured. This approach mitigates risks associated with direct data exposure, such as tracking or unauthorized access. The location criteria may include geographic boundaries, coordinates, or other spatial parameters relevant to applications like navigation, geofencing, or location-based services. The anonymizing proxy server processes the request, fetches the required data from the remote server, and forwards it to the mobile device without revealing the device's identity or direct network details. This method enhances security and privacy by preventing direct exposure of the mobile device's network interactions with the remote server. The system is particularly useful in scenarios where location data must be accessed securely, such as in enterprise applications, personal privacy settings, or compliance with data protection regulations.

Claim 10

Original Legal Text

10. The memory of claim 1, wherein: sensing locations comprises obtaining locations with steps for obtaining locations.

Plain English Translation

A system and method for determining sensing locations in a memory device involves identifying specific memory addresses or regions where data sensing operations are performed. The process includes obtaining these locations by executing a series of steps to determine the precise memory addresses or regions where sensing, such as read or write operations, will occur. This may involve analyzing memory access patterns, error detection, or other criteria to select optimal sensing locations. The method ensures accurate and efficient data retrieval or storage by dynamically or statically determining these locations based on predefined or adaptive criteria. The system may include memory controllers, sensors, or other components that execute these steps to identify and manage sensing locations, improving memory performance, reliability, or energy efficiency. The approach may be applied in various memory technologies, including DRAM, flash, or emerging non-volatile memories, to enhance data handling processes.

Claim 11

Original Legal Text

11. The memory of claim 1, wherein: receiving location criteria comprises performing steps for obtaining survey criteria.

Plain English Translation

This invention relates to a system for managing and processing location-based data, particularly for applications requiring precise geographic information. The problem addressed is the need for accurate and efficient collection of location criteria, which is essential for various applications such as navigation, mapping, and surveying. The system includes a memory configured to store location criteria, which are obtained through a process of surveying. This involves collecting data points that define specific geographic boundaries or areas of interest. The survey criteria are used to refine and validate the location data, ensuring accuracy and reliability. The system may also include a processor that executes instructions to process and analyze the location criteria, enabling real-time adjustments and improvements to the geographic data. The survey criteria may include parameters such as coordinate precision, boundary definitions, and environmental factors that influence location accuracy. By integrating these criteria, the system enhances the reliability of location-based services, reducing errors and improving user experience. The invention is particularly useful in applications where precise location data is critical, such as autonomous vehicle navigation, urban planning, and disaster response. The system may also include input and output interfaces to facilitate data collection and user interaction. The input interface allows for the entry of survey criteria, while the output interface provides visual or textual representations of the processed location data. This ensures that users can easily interpret and utilize the information for their specific needs. Overall, the invention provides a robust solution for managing location-based data, leveraging survey crite

Claim 12

Original Legal Text

12. The memory of claim 1, wherein: the operations comprise sending at least part of the location history to the remote server after ascertaining the location history in memory satisfies the location criteria in response to a user providing permission to send the at least part of the location history.

Plain English Translation

A system and method for managing and selectively sharing location history data involves storing location data of a device in memory, analyzing the stored location data to determine if it meets predefined location criteria, and transmitting at least a portion of the location history to a remote server only after confirming the data satisfies the criteria and obtaining user permission. The location criteria may include factors such as time, distance, or specific geographic boundaries. The system ensures privacy by requiring explicit user consent before sharing any location data, preventing unauthorized transmission. The remote server may process the received location history for various applications, such as navigation, location-based services, or analytics. The method includes monitoring the device's location over time, storing the location data locally, and performing periodic checks to determine if the stored data meets the criteria before prompting the user for permission to share. This approach balances data utility with user privacy, allowing selective sharing of location information while maintaining control over personal data. The system may also include additional features such as encryption, secure transmission protocols, and user-configurable settings to further enhance privacy and security.

Claim 13

Original Legal Text

13. The memory of claim 1, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises: selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein: the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, and the set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Plain English Translation

This invention relates to systems for processing and reducing the resolution of time-stamped geolocation data to enhance privacy while preserving useful location information. The problem addressed is the need to balance privacy concerns with the utility of location data, particularly in scenarios where high-resolution coordinates may reveal sensitive information. The solution involves generating reduced-resolution versions of geolocation data by replacing precise coordinates with broader geographic identifiers. These identifiers correspond to predefined geographic areas, such as regions or zones, and are selected based on the original coordinates. The granularity of these identifiers is predetermined to be coarser than the original location coordinates, ensuring that the reduced-resolution data obscures exact positions while still maintaining general location trends. This approach allows for privacy-preserving analysis of location histories, such as in mapping applications or user behavior studies, without exposing precise user movements. The system dynamically selects the appropriate identifier for each geolocation entry based on its coordinates, ensuring consistent reduction in resolution across the dataset. This method is particularly useful in applications where location data must comply with privacy regulations or where users opt for anonymized tracking.

Claim 14

Original Legal Text

14. A method, comprising: sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein: the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises: obtaining survey criteria expressed as alternative criteria; determining one or more combined time-stamps and locations for each alternative criteria; and determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.

Plain English Translation

This invention relates to privacy-preserving location-based surveys on mobile computing devices. The problem addressed is enabling survey participation based on location history without exposing sensitive geolocation data to third parties or making it inspectable on the device. The method involves a mobile device periodically sensing its geolocation over multiple days to create a time-stamped location history. This data is processed into reduced-resolution versions to limit precision. A cryptographic hash function generates hash values from each time-stamped location pair, creating a first set of hashed values stored locally. When a remote server sends location-based survey criteria to multiple devices, the mobile device accesses its stored hash values. Without decrypting or revealing the original location data, the device checks if any of its hashed locations match a second set of hashed values derived from the survey criteria. The second set is generated by hashing combinations of time-stamps and locations specified in the survey criteria, ensuring matching granularity. If matches are found, the device displays an option to participate in the survey. The survey criteria may include alternative conditions, each processed similarly to generate corresponding hash values for comparison. This approach allows location-based survey targeting while maintaining user privacy by never exposing raw location data.

Claim 15

Original Legal Text

15. The method of claim 14, wherein: determining the first set of cryptographic hash values comprises: for a given time-stamped geolocation in the location history: reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with means for cryptographically hashing the string.

Plain English Translation

This invention relates to privacy-preserving location data processing, specifically for generating cryptographic hash values from time-stamped geolocation data to enable secure and anonymized analysis. The problem addressed is the need to protect individual privacy while still allowing useful aggregation and analysis of location data, such as for mobility studies or urban planning. The method processes a location history containing multiple time-stamped geolocations. For each geolocation, the method reduces the precision of both the location and time to predetermined granularities. For example, a precise GPS coordinate might be rounded to a city block level, and a timestamp might be rounded to the nearest hour. The reduced-granularity location and time are then combined into a single string, which is cryptographically hashed using a secure hashing algorithm. This produces a hash value that represents the anonymized geolocation without revealing the original precise data. The hashing process ensures that the original location and time cannot be derived from the output, while still allowing for comparison and aggregation of hashed values. This enables analysis of movement patterns, frequency of visits to certain areas, or other location-based metrics without compromising individual privacy. The method can be applied to datasets from mobile devices, GPS trackers, or other sources where location history is recorded. The predetermined granularities can be adjusted based on the desired balance between privacy and analytical utility.

Claim 16

Original Legal Text

16. The method of claim 14, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises: selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein: the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, and the set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Plain English Translation

This invention relates to privacy-preserving techniques for processing location data. The problem addressed is the need to reduce the resolution of time-stamped geolocation data to protect user privacy while retaining useful information for analysis. The method involves processing a location history containing time-stamped geolocations, where each geolocation includes coordinates measured by a location detector. To reduce resolution, the method selects an identifier from a predefined set of identifiers based on the coordinates of a given geolocation. Each identifier corresponds to a geographic area with a predetermined granularity coarser than the original location coordinates. The identifier is chosen if the geolocation's coordinates fall within the geographic area associated with that identifier. This approach replaces precise coordinates with broader geographic identifiers, effectively anonymizing the data while preserving spatial context. The method ensures that location data is processed in a way that reduces the risk of identifying specific individuals or locations, addressing privacy concerns in location-based services and analytics. The technique is particularly useful for applications requiring location data analysis while complying with privacy regulations or user consent requirements.

Claim 17

Original Legal Text

17. A mobile computing device, comprising: one or more processors; a location detector coupled to the one or more processors; a wireless interface coupled to the one or more processors; and memory coupled to the one or more processors, the memory storing instructions that when executed by the one or more processors cause the one or more processors to perform operations comprising: sensing, with the location detector of the mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with the one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in the memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via the wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein: the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that the user of the mobile computing device has an option to answer questions related to the survey, wherein: the location criteria are expressed as alternative criteria and a range of encrypted location/time values are compared to the first set of cryptographic hash values, the second set of cryptographic hash values are each determined the with one or more processors of the mobile computing device, a given one of the location criteria specifies multiple time ranges; and the second set of cryptographic hash values comprises multiple hash values each based on the given one of the location criteria and a different one of the multiple time ranges.

Plain English Translation

A mobile computing device includes processors, a location detector, a wireless interface, and memory storing instructions for privacy-preserving location-based surveys. The device senses its geolocations over multiple days, creating a time-stamped location history. To protect privacy, the device generates reduced-resolution versions of these locations and computes cryptographic hash values for each, storing them locally. When a remote server sends location criteria for a survey, the device checks if its location history matches the criteria by comparing its stored hash values against a second set of hash values derived from the criteria. This comparison occurs without decrypting the hash values, revealing the location history to the server, or making the history accessible via device inspection. The criteria may include alternative conditions and multiple time ranges, with hash values computed for each. If a match is found, the device displays an option for the user to participate in the survey. This approach ensures location data remains private while enabling targeted survey participation based on geographic relevance.

Claim 18

Original Legal Text

18. The device of claim 17, wherein: determining the first set of cryptographic hash values comprises: for a given time-stamped geolocation in the location history: reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with means for cryptographically hashing the string.

Plain English Translation

This invention relates to privacy-preserving location data processing, specifically for generating cryptographic hash values from time-stamped geolocation data to obscure precise location and time details. The problem addressed is the need to protect user privacy while still allowing analysis of location history data, such as for contact tracing or mobility pattern studies. The invention involves a device that processes a location history containing multiple time-stamped geolocations. For each geolocation in the history, the device reduces the precision of both the location and time to predetermined granularity levels. For example, a precise GPS coordinate might be rounded to a city block level, and a timestamp might be rounded to the nearest hour. The reduced-granularity location and time are then combined into a string, which is cryptographically hashed to produce a hash value. This process is repeated for all geolocations in the history to generate a set of hash values. The hashing obscures the original data while preserving the ability to compare or analyze the processed data in an anonymized form. The predetermined granularity levels for location and time can be adjusted based on the specific privacy requirements or use case. The cryptographic hashing ensures that the original data cannot be easily reconstructed from the hash values, providing an additional layer of privacy protection. This approach allows for the analysis of aggregated location data without exposing sensitive individual-level details.

Claim 19

Original Legal Text

19. The device of claim 17, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises: selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein: the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, and the set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Plain English Translation

This invention relates to a device for processing location data to reduce resolution while preserving meaningful geographic context. The problem addressed is the need to balance privacy and data utility when handling precise geolocation information, such as in location history datasets. The device processes time-stamped geolocations by converting them into lower-resolution versions while maintaining geographic relevance. This is achieved by selecting an identifier from a predefined set, where each identifier corresponds to a broader geographic area. The identifier is chosen based on the original coordinates of the geolocation, effectively grouping precise coordinates into larger, less specific regions. The set of identifiers has a predetermined granularity that is coarser than the original coordinates, ensuring reduced precision while still providing useful geographic context. This approach allows for privacy-preserving location data analysis, such as in mobility studies or location-based services, where exact coordinates are unnecessary or undesirable. The device may also include a location detector to capture the original geolocations and a processor to perform the resolution reduction. The method ensures that the reduced-resolution versions retain meaningful geographic information while obscuring exact positions.

Claim 20

Original Legal Text

20. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising: sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to an offer, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the offer from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein: the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and upon determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that an offer is available to the user of the mobile computing device, wherein: the location criteria comprises a plurality of locations and a time range, and the different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values.

Plain English Translation

This invention relates to privacy-preserving location-based services for mobile computing devices. The problem addressed is enabling targeted offers or notifications based on a user's location history while maintaining privacy, ensuring the location data is not exposed to remote servers or inspectable on the device. The system involves a mobile computing device that records its geolocation over multiple days, creating a time-stamped location history. To protect privacy, the device generates reduced-resolution versions of these geolocations, which are then processed using a cryptographic hash function to produce a set of hash values. These hash values are stored locally on the device and stand in for the location history; the device compares them without decrypting them, and the history itself is not accessible by inspecting the device. When a remote server sends location criteria for an offer (e.g., a geographic area and time range), the mobile device checks whether its location history matches the criteria by comparing its stored hash values against a second set of hash values derived from the criteria. The comparison is done without revealing the actual location history to the server or making it accessible on the device. If a match is found, the device displays an indication that the offer is available. The location criteria may include multiple locations and a time range, with permutations of these parameters generating different hash values for comparison. This approach ensures location-based services can be delivered without compromising user privacy.

Claim 21

Original Legal Text

21. The memory of claim 20, wherein: determining the first set of cryptographic hash values comprises: for a given time-stamped geolocation in the location history: reducing a granularity of a location of the given time-stamped geolocation to a predetermined granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with means for cryptographically hashing the string.

Plain English Translation

This invention relates to privacy-preserving techniques for processing geolocation data, specifically for generating cryptographic hash values from time-stamped geolocation records to enable secure and anonymized analysis. The problem addressed is the need to protect user privacy while still allowing useful analysis of location data, such as for compliance, security, or personalization purposes. The invention involves a memory storing a location history of a user device, where each entry includes a time-stamped geolocation. To process this data, the system determines a first set of cryptographic hash values by applying a series of transformations to each time-stamped geolocation. For a given geolocation record, the system first reduces the granularity of the location to a predetermined level (e.g., rounding to a city or neighborhood level). Similarly, the system reduces the granularity of the timestamp to a predetermined level (e.g., rounding to the nearest hour or day). The reduced-granularity location and time are then combined into a string, which is cryptographically hashed to produce a hash value. This process is repeated for each geolocation in the history, resulting in a set of hashed values that obscure the original precise location and time while preserving the ability to analyze patterns or trends. The method ensures that individual user movements remain private, as the hashed values do not reveal exact coordinates or timestamps, while still allowing aggregated analysis. The predetermined granularity levels can be adjusted based on the desired balance between privacy and utility. This approach is useful for applications requiring location-based services without compromising user anonymity.

Claim 22

Original Legal Text

22. The memory of claim 20, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises: selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein: the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, and the set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Plain English Translation

This invention relates to systems for processing and reducing the resolution of time-stamped geolocation data stored in a memory. The problem addressed is the need to manage and simplify detailed geolocation data, such as GPS coordinates, to a lower granularity while preserving meaningful location information. The solution involves selecting identifiers from a predefined set to represent broader geographic areas, reducing the precision of individual time-stamped geolocations. The system processes a location history containing time-stamped geolocations, each with precise coordinates measured by a location detector. To reduce resolution, the system checks if the coordinates of a given geolocation fall within a geographic area associated with an identifier from a predefined set. Each identifier corresponds to a geographic area with a predetermined granularity coarser than the original coordinates. For example, a city name or postal code may replace exact GPS coordinates. This approach allows for efficient storage and processing of location data while maintaining useful location context. The identifiers are selected based on the coordinates, ensuring that the reduced-resolution data still reflects the original geographic context. This method is particularly useful for applications requiring location data aggregation or privacy-preserving analytics.

Claim 23

Original Legal Text

23. The memory of claim 20, wherein: determining whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server comprises: obtaining survey criteria expressed as alternative criteria; determining one or more combined time-stamps and locations for each alternative criteria; and determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of the one or more combined time-stamps and locations determined for each alternative criteria, the cryptographic hash values determined with the cryptographic hash function being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history.

Plain English Translation

This claim relates to privacy-preserving location-based surveys, specifically to how a device decides whether its location history meets survey criteria without exposing raw geolocation data. The survey criteria are expressed as alternative criteria, such as several geographic areas or time conditions. For each alternative criterion, the device determines one or more combined time-stamp and location values and computes a cryptographic hash value for each combination; these make up the second set of hash values. The hash values are computed with the same hash function and at the same granularity as the reduced-resolution entries in the location history, so that a genuine overlap produces an exact hash match. The device then compares the two sets to decide whether the history satisfies the criteria, which allows survey eligibility to be determined locally without the raw location data leaving the device.

Claim 24

Original Legal Text

24. The memory of claim 23, wherein: the survey criteria include N alternative times and M alternative geolocations, where N and M are integer values greater than one; determining the second set of cryptographic hash values comprises determining a cryptographic hash value of each of alternative criteria comprises determining N times M cryptographic hash values corresponding to each combination of the alternative times and alternative geolocations.

Plain English Translation

This claim narrows claim 23 to survey criteria that list N alternative times and M alternative geolocations, where N and M are integers greater than one. The device forms every combination of one alternative time with one alternative geolocation and computes a cryptographic hash value for each, so the second set contains N times M hash values, one per unique (time, geolocation) pairing. Each of these hash values is computed at the same granularity as the reduced-resolution entries in the stored location history, so a stored hash value matches one of the N times M values exactly when the device was in that geolocation at that time. This lets the device evaluate several survey options at once without the server learning which, if any, matched, and without the device exposing its original location history.

Claim 25

Original Legal Text

25. A tangible, non-transitory, machine-readable memory storing instructions, that when executed, cause one or more processors to perform operations comprising: sensing, with a location detector of a mobile computing device, locations of the mobile computing device a plurality of times over a duration of time to obtain a location history of time-stamped geolocations of the mobile computing device spanning a plurality of days; determining, with one or more processors of the mobile computing device, reduced resolution versions of the time-stamped geolocations in the location history, the reduced resolution versions having less resolution than sensed locations; determining, with a cryptographic hash function, with the one or more processors of the mobile computing device, a first set of cryptographic hash values each based on a respective time-stamp and respective location of a respective reduced resolution version of the time-stamped geolocations in the location history; storing in memory of the mobile computing device the first set of cryptographic hash values based on the location history of the mobile computing device; receiving, at the mobile computing device, from a remote server, via a wireless interface of the mobile computing device, location criteria specifying a geographic area related to a survey, the location criteria being sent from the remote server to a plurality of candidate computing devices including the mobile computing device; in response to receiving the location criteria, accessing, with the one or more processors of the mobile computing device, the first set of cryptographic hash values based on the location history of the mobile computing device stored in memory of the mobile computing device; determining, with the one or more processors of the mobile computing device, whether the location history satisfies the location criteria that specifies the geographic area related to the survey from the remote server, without decrypting the first set of cryptographic hash values based on the location history, without revealing the location history to the remote server, and without the location history being accessible via inspection of the mobile computing device, wherein: the location history is determined to satisfy the location criteria by determining whether any cryptographic hash values in the first set of cryptographic hash values match any cryptographic hash values in a second set of cryptographic hash values, and the second set of cryptographic hash values are each determined with the cryptographic hash function based on different subsets of the location criteria, the location criteria being at a same granularity as the reduced resolution versions of the time-stamped geolocations in the location history; and after determining that the location history satisfies the location criteria, displaying on the mobile computing device an indication that a user of the mobile computing device has an option to answer questions related to the survey, wherein: the location criteria comprises a plurality of locations and a time range, and the different subsets of the location criteria comprise permutations of the plurality of locations and times within the time range, each permutation corresponding to a different cryptographic hash value in the second set of cryptographic hash values.

Plain English Translation

A mobile computing device collects and processes location data to enable privacy-preserving survey participation. The device continuously senses its geolocation over multiple days, creating a time-stamped location history. To protect privacy, the device generates reduced-resolution versions of these locations and computes cryptographic hash values for each, storing them locally. When a remote server broadcasts survey location criteria (defining a geographic area and time range), the device checks if its location history matches the criteria by comparing its stored hash values against a second set of hash values derived from permutations of the survey's location and time parameters. This comparison occurs locally without exposing the raw location history to the server or allowing external inspection. If a match is found, the device displays an option for the user to participate in the survey. The system ensures location data remains private while enabling targeted survey invitations based on geographic relevance. The reduced resolution and cryptographic hashing prevent reconstruction of precise location data, maintaining user privacy throughout the process.

Claim 26

Original Legal Text

26. The memory of claim 25, wherein: determining the first set of cryptographic hash values comprises: for a given time-stamped geolocation in the location history: reducing a granularity of a location of the given time-stamped geolocation to a predetermined location granularity; reducing a granularity of a time of the given time-stamped geolocation to a predetermined time granularity; combining a resulting reduced-granularity location and reduced-granularity time into a string; and hashing the string with means for cryptographically hashing the string.

Plain English Translation

This invention relates to privacy-preserving techniques for processing geolocation data. The problem addressed is the need to analyze location histories while protecting user privacy by obscuring precise location and time details. The invention involves generating cryptographic hash values from geolocation data to enable privacy-preserving analysis. The system processes a location history containing time-stamped geolocations. For each geolocation entry, the system reduces the precision of both the location and time to predetermined granularities. For example, a precise GPS coordinate might be rounded to a city-level granularity, and a timestamp might be rounded to the nearest hour. The reduced-granularity location and time are then combined into a string, which is cryptographically hashed to produce a value that obscures the original data while allowing for comparison or analysis. This approach enables applications such as location-based services, analytics, or compliance checks to operate on anonymized data. The hashing ensures that individual entries cannot be traced back to their original precise locations or times, while still allowing for meaningful aggregation or pattern detection. The predetermined granularities can be adjusted based on the required level of privacy and the specific use case.

Claim 27

Original Legal Text

27. The memory of claim 25, wherein determining reduced resolution versions of the time-stamped geolocations in the location history comprises: selecting an identifier from a set of identifiers to reduce the granularity of a location of a given time-stamped geolocation responsive to coordinates of the location indicating a geographic area corresponding to the identifier, wherein: the location of the given time-stamped geolocation includes the coordinates, as measured by the location detector, and the set of identifiers have a predetermined granularity less than location coordinates and each identifier in the set corresponds to a given geographic area.

Plain English Translation

This invention relates to systems for processing and reducing the resolution of time-stamped geolocation data stored in a memory. The problem addressed is the need to reduce the granularity of location data while preserving meaningful geographic information, particularly for privacy or storage efficiency purposes. The system involves a memory storing a location history of time-stamped geolocations, each including precise coordinates measured by a location detector. To reduce resolution, the system selects an identifier from a predefined set, where each identifier corresponds to a broader geographic area. The selection is based on whether the precise coordinates of a given geolocation fall within the geographic area associated with an identifier. The identifiers have a predetermined granularity coarser than the original coordinates, allowing the system to replace fine-grained location data with a more generalized identifier. This approach ensures that location data is anonymized or aggregated without losing contextual geographic relevance. The method applies to any system handling location histories, such as mobile devices or tracking applications, where reducing data precision is necessary for compliance, efficiency, or user privacy.
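The claims above (15 through 27) describe one device-side procedure: reduce each time-stamped geolocation in granularity, either by rounding to a grid cell or by selecting an area identifier, combine the reduced location and time into a string, hash it, keep the resulting first set on the device, and compare it against a second set the server derives from its criteria at the same granularity, one hash per (location, time) permutation. The following is an added example of that procedure and is not code from the patent or from any product. Everything it fixes is an assumption the patent leaves open: a 0.01 degree grid (about 1 km) and one-hour UTC buckets as the predetermined granularities, the string format "location|hour", SHA-256 as the cryptographic hash function, a constructed table of named areas, and a constructed three-day sample history with two constructed sets of criteria.

```python
"""Added example (not the patent's or any vendor's code) of the device-side
flow in claims 15 through 27. Granularities, string format, hash choice, the
areas table, the sample history and the criteria are constructed assumptions."""
import hashlib
import math
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
LOC_STEP_DEG = 0.01             # assumed grid cell edge (about 1 km)
TIME_STEP = timedelta(hours=1)  # assumed time bucket

# Constructed table of named areas: identifier -> bounding box (claim 16 path).
AREAS = {
    "downtown": (37.77, 37.80, -122.43, -122.39),
    "airport": (37.60, 37.64, -122.40, -122.36),
}

def grid_cell(lat, lon, step=LOC_STEP_DEG):
    """Reduce coordinates to an integer grid cell (claim 15 path)."""
    return f"cell:{math.floor(lat / step)},{math.floor(lon / step)}"

def area_identifier(lat, lon, areas=AREAS):
    """Select the identifier whose area contains the point; None if none does."""
    for ident, (lat0, lat1, lon0, lon1) in areas.items():
        if lat0 <= lat < lat1 and lon0 <= lon < lon1:
            return ident
    return None

def hour_bucket(ts):
    """Reduce an aware datetime to its UTC hour."""
    t = ts.astimezone(UTC).replace(minute=0, second=0, microsecond=0)
    return t.strftime("%Y-%m-%dT%H")

def location_hash(reduced_location, reduced_time):
    """Combine the reduced location and time into one string and hash it."""
    return hashlib.sha256(f"{reduced_location}|{reduced_time}".encode()).hexdigest()

def hash_history(history, reducer=grid_cell):
    """First set: hashes of every (datetime, lat, lon) point after reduction.
    A point the reducer cannot place (None) is dropped, not hashed."""
    first = set()
    for ts, lat, lon in history:
        loc = reducer(lat, lon)
        if loc is not None:
            first.add(location_hash(loc, hour_bucket(ts)))
    return first

def hours_in_range(start, end):
    """Expand a [start, end) time range into the hour buckets it covers."""
    t = start.astimezone(UTC).replace(minute=0, second=0, microsecond=0)
    buckets = []
    while t < end:
        buckets.append(t.strftime("%Y-%m-%dT%H"))
        t += TIME_STEP
    return buckets

def criteria_hashes(locations, time_ranges):
    """Second set: one hash per (location, hour) permutation, so M locations
    and N hour buckets give N*M hashes (claims 20 and 24)."""
    second = set()
    for loc in locations:
        for start, end in time_ranges:
            for h in hours_in_range(start, end):
                second.add(location_hash(loc, h))
    return second

def satisfies(first, second):
    """On-device decision: any common hash means the history meets the criteria."""
    return not first.isdisjoint(second)

# Constructed sample history: three days, one point in each named area plus
# one outside every area.
SAMPLE_HISTORY = [
    (datetime(2020, 5, 1, 8, 12, tzinfo=UTC), 37.7849, -122.4094),  # downtown
    (datetime(2020, 5, 2, 18, 40, tzinfo=UTC), 37.6213, -122.3790),  # airport
    (datetime(2020, 5, 3, 12, 5, tzinfo=UTC), 37.3382, -121.8863),   # elsewhere
]
# Constructed criteria: 2 cells x one 3-hour range (6 hashes) overlapping the
# downtown visit, and 1 cell x a 24-hour range that overlaps nothing.
DOWNTOWN_SURVEY = (["cell:3778,-12241", "cell:3778,-12240"],
                   [(datetime(2020, 5, 1, 7, tzinfo=UTC), datetime(2020, 5, 1, 10, tzinfo=UTC))])
AIRPORT_LATER = (["cell:3762,-12238"],
                 [(datetime(2020, 5, 3, tzinfo=UTC), datetime(2020, 5, 4, tzinfo=UTC))])

def demo():
    """Run both reduction paths against the constructed criteria."""
    first_grid = hash_history(SAMPLE_HISTORY)
    first_area = hash_history(SAMPLE_HISTORY, reducer=area_identifier)
    survey = criteria_hashes(*DOWNTOWN_SURVEY)
    return {
        "grid_match": satisfies(first_grid, survey),
        "area_match": satisfies(first_area, criteria_hashes(["downtown"], DOWNTOWN_SURVEY[1])),
        "no_match": satisfies(first_grid, criteria_hashes(*AIRPORT_LATER)),
        "survey_hash_count": len(survey),   # 2 locations x 3 hours
        "area_history_size": len(first_area),  # the point outside every area is dropped
    }
```

Two points the code makes concrete. First, matching only works because both sides reduce to exactly the same granularity and string format; a device that buckets by hour cannot match criteria hashed by day, which is why the claims insist the criteria are "at a same granularity" as the reduced-resolution history. Second, the privacy property rests on where the comparison happens, not on the hash alone: the server builds its second set by enumerating every (location, hour) combination in the criteria, so any holder of a device's first set who knows the granularity could rebuild its preimages the same way. The claims therefore keep the first set in device memory and send only the criteria down, and the example follows that shape, with satisfies running on the device side and nothing derived from the history sent back.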

Patent Metadata

Filing Date

Unknown

Publication Date

May 5, 2020

Inventors

David Cristofaro


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “SELECTING ANONYMOUS USERS BASED ON USER LOCATION HISTORY” (10643222). https://patentable.app/patents/10643222
